ff-admin-server/src/helpers/permissionHelper.ts

125 lines
4.1 KiB
TypeScript
Raw Normal View History

import { Request, Response } from "express";
import {
PermissionModule,
permissionModules,
PermissionObject,
PermissionSection,
PermissionString,
PermissionType,
permissionTypes,
} from "../type/permissionTypes";
import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
export default class PermissionHelper {
static passCheckMiddleware(
section: PermissionSection,
module: PermissionModule,
requiredPermissions: Array<PermissionType> | "*"
): (req: Request, res: Response, next: Function) => void {
return (req: Request, res: Response, next: Function) => {
const permissions = req.rights;
if (permissions.admin) {
next();
} else if (permissions?.[section]?.all) {
next();
} else if (permissions?.[section]?.all) {
next();
} else if (permissions?.[section]?.[module] == "*") {
next();
} else if (
(permissions?.[section]?.[module] as Array<PermissionType>).some((e: PermissionType) =>
requiredPermissions.includes(e)
)
) {
next();
} else {
throw new ForbiddenRequestException(
`missing permission for ${section}.${module}.${
Array.isArray(requiredPermissions) ? requiredPermissions.join("|") : requiredPermissions
}`
);
}
};
}
static convertToObject(permissions: Array<PermissionString>): PermissionObject {
if (permissions.includes("*")) {
return {
admin: true,
};
}
let output: PermissionObject = {};
let splitPermissions = permissions.map((e) => e.split(".")) as Array<
[PermissionSection, PermissionModule | PermissionType | "*", PermissionType | "*"]
>;
for (let split of splitPermissions) {
if (!output[split[0]]) {
output[split[0]] = {};
}
if (split[1] == "*" || output[split[0]].all == "*") {
output[split[0]] = { all: "*" };
} else if (permissionTypes.includes(split[1] as PermissionType)) {
if (!output[split[0]].all || !Array.isArray(output[split[0]].all)) {
output[split[0]].all = [];
}
const permissionIndex = permissionTypes.indexOf(split[1] as PermissionType);
const appliedPermissions = permissionTypes.slice(0, permissionIndex + 1);
output[split[0]].all = appliedPermissions;
} else {
if (split[2] == "*" || output[split[0]][split[1] as PermissionModule] == "*") {
output[split[0]][split[1] as PermissionModule] = "*";
} else {
if (
!output[split[0]][split[1] as PermissionModule] ||
!Array.isArray(output[split[0]][split[1] as PermissionModule])
) {
output[split[0]][split[1] as PermissionModule] = [];
}
const permissionIndex = permissionTypes.indexOf(split[2] as PermissionType);
const appliedPermissions = permissionTypes.slice(0, permissionIndex + 1);
output[split[0]][split[1] as PermissionModule] = appliedPermissions;
}
}
}
return output;
}
static convertToStringArray(permissions: PermissionObject): Array<PermissionString> {
if (permissions.admin) {
return ["*"];
}
let output: Array<PermissionString> = [];
let sections = Object.keys(permissions) as Array<PermissionSection>;
for (let section of sections) {
if (permissions[section].all) {
let types = permissions[section].all;
if (types == "*") {
output.push(`${section}.*`);
} else {
for (let type of types) {
output.push(`${section}.${type}`);
}
}
} else {
let modules = Object.keys(permissions[section]) as Array<PermissionModule>;
for (let module of modules) {
let types = permissions[section][module];
if (types == "*") {
output.push(`${section}.${module}.*`);
} else {
for (let type of types) {
output.push(`${section}.${module}.${type}`);
}
}
}
}
}
return output;
}
static getWhatToAdd() {}
static getWhatToRemove() {}
}